summaryrefslogtreecommitdiff
path: root/sys/net/if_pfsync.c
AgeCommit message (Expand)Author
2010-09-27must have either PR_WAITOK or PR_NOWAIT set.David Gwynne
2010-09-08creating a pfsync interface is always done from process context, soBret Lambert
2010-07-28pfsync_bulk_fail was mucking around with pfsync_softc and sending packetsDavid Gwynne
2010-07-25Add missing braces so a loop will function as intended.Jonathan Gray
2010-07-09Add support for using IPsec in multiple rdomains.Reyk Floeter
2010-07-09instead of saying we're using the all the states in the table whenDavid Gwynne
2010-07-09-#if 1 || defined(PFSYNC_DEBUG)David Gwynne
2010-07-09the current code doesnt detect when its filled a bulk packet so itDavid Gwynne
2010-07-09sending of bulk updates has been very broken since r1.124.David Gwynne
2010-05-24remove bpfdetach() here, because it is called correctly in if_detach()David Gwynne
2010-05-12bzero() the full compressed update struct before setting the values.Claudio Jeker
2010-04-25Properly adjust group demotion counters when groups are added orMarco Pfatschbacher
2010-03-23Fix a crash in pfsync when running IPSEC.Pierre-Yves Ritschard
2010-03-01shuffle slightly and add more splassert.David Gwynne
2010-02-17dont defer broadcast or multicast packets.David Gwynne
2010-01-18Convert pf debug logging to using log()/addlog(), a single standardisedRyan Thomas McBride
2010-01-12factor m_pulldown out of the message handlers up into pfsync_input nowDavid Gwynne
2010-01-12check the new pfsync_subheader len field on input.David Gwynne
2010-01-12Remove bpfdetach() call right in front of the if_detach() call sinceClaudio Jeker
2010-01-11remove some debug code that snuck in somehow.David Gwynne
2010-01-10replace a pad in the pfsync subheader with a length field. it stores theDavid Gwynne
2009-12-14fix sticky-address - by pretty much re-implementing it. still followingHenning Brauer
2009-12-03fix order dependency of pfsync interface setup, with claudio;Otto Moerbeek
2009-11-23remove the nat_rule pointer on pf_state and pf_pdesc, obsolete afterHenning Brauer
2009-11-22cleanup after the NAT changes. we used to have multiple rulesets (scrub,Henning Brauer
2009-11-12be paranoid in case the action array changes size (again, grr)Theo de Raadt
2009-11-03rtables are stacked on rdomains (it is possible to have multiple routingClaudio Jeker
2009-09-28when inserting a state, turn the error that pf_state_insert returnsDavid Gwynne
2009-08-16remove prototypes of a bunch of functions that had their implementationsJonathan Gray
2009-06-17do better detection of when we have a better version of the tcp sequenceDavid Gwynne
2009-06-14enable support for deferring the packet that creates a state so that yourDavid Gwynne
2009-06-12rewrite the way states from pfsync are merged into the local state treeDavid Gwynne
2009-06-10jj reported a panic in bulk updates to me. this is my attempt to fix theDavid Gwynne
2009-05-13dont go splx(s) in the ioctl handler if we havent done splnet(). this addsDavid Gwynne
2009-05-13only keep track of the number of updates on tcp connections. state sync onDavid Gwynne
2009-04-15move pfsync stale update messages to NOISY level; ok dlg@ henning@David Krause
2009-04-04use time_uptime instead of time_second internally. time_uptime isntDavid Gwynne
2009-03-31do not include space in the end of the from for a hmac. after discussionDavid Gwynne
2009-03-23wait an appropriate amount of time before giving up on a bulk update,David Gwynne
2009-03-17we do know how to handle iack. in the rx path at least.David Gwynne
2009-03-15Introduce splsoftassert(), similar to splassert() but for soft interruptMiod Vallat
2009-03-01rework serialisation of messages slightly.David Gwynne
2009-03-01check pfsyncs IFF_RUNNING flag before doing stuff. should save time forDavid Gwynne
2009-03-01i can't see a reason that we'd need to go to splnet to call ip_output.David Gwynne
2009-02-26bulk updates are sent from a timeout which walks over the state tree andDavid Gwynne
2009-02-24restore the parsing of incoming tdb update messages. this was disabledDavid Gwynne
2009-02-24request a bulk update when the pfsync if configuration is changed via anDavid Gwynne
2009-02-23dont put pfsync packets on the wire if no syncdev is specified. issuesDavid Gwynne
2009-02-18if a peer requests a state that is marked as NOSYNC, then skip it.David Gwynne
2009-02-17// style comments shouldnt be in the tree.David Gwynne